HI,

I am trying to use upsert function to update value of column in an index.
My column is not getting updated.It shows only sagstatus = SAGReceived.

input {
beats {
port => 5044
}
}

The filter part of this file is commented out to indicate that it is

optional.

>  filter { 
> 	if [fields][log_type] == "ABC" {
> 		if "MNO" in [message] {
> 			dissect {
> 				mapping => { 
> 					message => "%{date} ##%{HostName}##%{ABC}##%{SourceMessage}" }
> 			}
> 			xml {
> 				source => "SourceMessage"
> 				store_xml => false
> 				xpath => ["/a/b/text()", "msg_type"]
> 						
> 			} 	
> 			mutate { 
> 				add_field => { "SAGstatus" => "SAGReceived" }
> 				add_field => { "STO_Number" => "%{HostName}" }
> 				remove_field => [ "SourceMessage","Filler1","Filler2","Filler3","Filler4","Filler5","Filler6","Filler7","ServiceContextId" ]
> 							}
> 		}
> 
> 		if "def" in [message] {
> 			dissect {
> 				mapping => { 
> 					message => "%{Timestamp} ##%{HostName}##%{def}" }
> 		}
> 			mutate { 
> 				remove_field => [ "Filler1","Filler2","Filler3","Filler4","Filler5","Filler6","Filler7","ServiceContextId" ]
> 				add_field => { "SAGstatus" => "SAGProcessed" }
> 				add_field => { "STO_Number" => "%{HostName}" }
> 			}		
> 		}

output {
 elasticsearch 
		{
		hosts => "localhost:9200"
		manage_template => false
		index => "manage-%{+YYYY.MM.dd}" 
		action => "update"
		document_id => "%{STO_Number}"
		doc_as_upsert => true
		}
 stdout { codec => rubydebug }
}

When SAGProcessed log is run for same STO_Number , SAG_status is not getting updated to SAG_processed.
Please help if you see any discrepancy in logstash or any other probable cause of not updating.

I am facing the similar issue

Hey Varun,

Did you get any leads on it.

no updates on this . sorry

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.